Designing authentication for people who've never created a password
How we built OTP-based login for borrowers who only have a case number
The users of Resolution Desk are borrowers who've received arbitration notices. Many of them are confused, anxious, and not technically sophisticated. Asking them to "create an account" would lose most of them before they even got to see their case.
The scale of the problem
Resolution Desk handles a massive volume — at the low end, we were issuing over 5,000 notices per day. The sheer influx of borrowers meant Resolution Desk couldn't support creating traditional user accounts for everyone. To solve this, we created a universal "borrower" role. Based on the credentials they provide, Resolution Desk uses APIs to bridge the backend Frappe portal with the Fin portal, authenticating them dynamically without creating individual database records.
Dynamic OTP routing and cost optimization
We implemented OTP-based authentication, but how we route that OTP depends on the available data. In our primary scenario, if we have both an email and a phone number on file, we send the OTP via email to save costs. If we only have a phone number, we fall back to SMS (which incurs a cost). This routing logic optimizes our messaging spend while ensuring borrowers can always get their code.
The offline borrower fallback
The most challenging scenario is when we have no email and no phone number at all. We send physical notices offline. When the borrower receives their letter, they log into Resolution Desk using their Loan Account Number (LAN). We then ask them to verify their Arbitration Number (ARB), or vice versa. Once matched, they are prompted to provide their phone number and email. After client approval, an email is sent to the borrower granting them full account access.
Zero-friction login via QR codes
Typing out long alphanumeric case IDs from a notice is tedious. To solve this, we introduced QR codes on all notices across every online and offline medium. When a borrower scans the QR code with their phone, they are instantly logged into Resolution Desk through securely signed tokens — bypassing the manual entry step entirely.